
Penetration Testing is an evaluation methodology whereby ethical hackers search for vulnerabilities within technology systems and attempt to circumvent the security features of a network and/or information system. This is also known as a “pen test”.
It is a process for identifying security vulnerabilities in an application or computing system by evaluating it with a variety of malicious techniques. Vulnerable system or application areas are identified through this process of authorized simulated attack. The primary purpose of this type of testing is to simulate outside hackers so that ethical hackers can identify vulnerabilities that could lead to unauthorized access before real-world hackers take advantage of them.
Related Term: Vulnerability Assessment
Source: NCSD Glossary, CNSSI 4009, NIST SP 800-53 Rev 4